Unauthenticated Access Vulnerability in Arqit Symmetric Key Agreement Platform
CVE-2026-33583

8.7HIGH

Key Information:

Vendor: Arqit
Status: Symmetric Key Agreement Platform
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-33583?

An exposure vulnerability exists in Arqit's Symmetric Key Agreement Platform due to the use of unauthenticated and unencrypted HTTP GET requests. This flaw allows attackers to access the QKEY, which is integral to the ‘OTA-Quantum’ device registration process, as well as other internal system keys. The vulnerability affects versions of the platform released prior to March 26, making it critical for users to upgrade to safeguard their systems against unauthorized access.

Affected Version(s)

Symmetric Key Agreement Platform 0 < 26.03

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2026-33583

third-party-advisory

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Mar 23, 2026

CVE-2026-33583 Data

JSON